Medicinal cannabis company Cann Group has experienced a major cyber security incident involving a third party that stole $3.6 million in transactions meant for a contractor.
The ASX-listed company told its shareholders yesterday an unknown third party received several payments totalling $3.6 million related to works at its Mildura facility that were intended to be paid to an overseas contractor.
Cann Group said the breach was “a result of a complex and sophisticated cyber fraud” but did not confirm the details of how the event took place.
After the medicinal cannabis company discovered the breach on February 4, the company’s stock was placed in a trading halt the following day, and resumed trading when the ASX reopened on Monday.
Cann Group said it is working with its bank to try to recover the payments and has contacted its insurance brokers about making a claim.
“Immediate action has also been taken to ensure the integrity of Cann Group’s IT systems,” the company said in its statement.
Cann Group is currently building a large production facility in Mildura, Victoria, that will be used to cultivate and manufacture a range of medicinal cannabis products for patients in Australia.
Cann Group told shareholders it can continue its operations and projects, including the construction of its large-scale Mildura facility, despite losing such a considerable sum of money during the cyber breach.
The company has reported the incident to police in Victoria, Australia, as well as in both the Netherlands and Hong Kong.
Established in 2014, Cann Group was the first Australian company to receive a licence and permit from the federal government to cultivate medicinal cannabis in Australia.
The market size of legal Australian cannabis was valued at $222.9 million in 2019 and is projected to grow at a compound annual growth rate of 42% from 2020 to 2026, according to Grand View Research.
Cyber security incidents have risen throughout the pandemic, with the Australian Cyber Security Centre (ACSC)’s latest threat report recording 2,266 cyber security incidents between June 2019 and June 2020.
According to the ACSC, cyber security incidents have caused losses as high as $29 billion annually.